Cea-how step 9 questions

Learn to hack - 10 steps from beginner to hacker [2021 Guide]

Did you want to learn to hack?

This is the ultimate entry-level guide for novice hackers. You can use two strategies of hacking:

  1. If you are interested in computers and technology, go through the entire tutorial step-by-step.
  2. If you're less tech-savvy, skip to the social engineering section first to get started with non-tech hacking.


Beginners FAQ on learning to hack

Why should I learn hacking?

Lots legal Reasons motivate hackers worldwide to deal with hacking. I hack because ...

  • ... you can have a lot of fun while hacking.
  • ... you can hack yourself if you forgot your password.
  • ... you want to troll your friends (semi-illegally).
  • ... you want to build up a second income (or full-time job).
  • ... you want to get to know something new.
  • ... you want to know the hacking strategies to protect yourself from a hack.
  • ... you want to do something good for society.
  • ... and 1,203,523 other reasons.

Is hacking illegal?

You are allowed to hack if you hack your own systems or help other organizations or people to close their vulnerabilities (ethical hacking).

Any form of Self-enrichment, harmscausation, privacy breach and data theft (see hacker types). Pay attention to the hacking paragraphs in the law.

Use common sense to be clear about what should be allowed. Hacking is the unconventional creative change of an original activity or thing. The media associates the word “hacking” with a lot of negative news.

Steffen Lippke

Do I need prior knowledge?

No, you don't need any prior knowledge for this guide.

A broad prior knowledge or an IT degree will help you sort out new hacking topics faster. A foreigner with no IT knowledge can try social engineering strategies in the first step and dive into IT topics later.

You can do the tutorial more quickly work through if you enjoy working with technology and computers. Beginners to hacking benefit from stamina, advanced Google skills, reading comprehension and a lot of creativity.

My advice:Start hacking without thought or prejudice. Try out 1-2 hacking strategies on your own computer and you will gain your first experience.

Steffen Lippke

Do I have to be able to program?

No, programming helps you understand hacking tools more easily.

Programming is not a must for beginners. Both advanced You should familiarize yourself with the basics of a programming language.

You can check out my free beginner tutorials on TypeScript, Java or Laravel (PHP), that you can do without prior knowledge.

Which computers do I need to hack?

You need none fast and powerful computer for hacking. Windows, Linux, and macOS are equally good for hacking. Kali Linux is suitable as a hacking environment.

Most hacking software is “preinstalled” or is available for free (open source). A few professional hacking tools cost a lot of money that the well-paid hacking professionals use. In most cases, the Internet provides an open source alternative.

Hacker types - the motivators

Black Hat Hackers - Illegal and Criminal

Black hats are considered to be that Pizza-eaters Computer zombies. They sit in mom's basement and blackmail companies like Amazon, PayPal and Google, steal money and or cause damage. Black hats work illegally and end up in jail.

White Hat Hacker - Legal + Profitable

White hats show the joy of hacking websites, apps and programs. They help companies and people to find all possible errors, vulnerabilities and bugs in their software.

The IT professionals get one for the “hacking service” very good payso that the bug bounty programs turned LEGAL hackers into millionaires.

Steffen Lippke

Gray Hat Hackers - Business Risk

Gray Hats (in) intentionally publish their found vulnerabilities from known operating systems and software on the Internet. The Black Hats can exploit the vulnerabilities. Companies need to close the vulnerability quickly to reduce the risk of a black hat hack.

Script Kiddies - Big mouth and dangerous

The twelve-year-old script kiddies find a hacking tool on the internet. The minors (un) consciously attack companies or a private person and deliberately bring their victims to white heat.

Parents are held responsible for the damage caused by their child.

Professionals and penetration testers - makes sense

If you have a meaningful Are you looking for a job with a good salary, work in the IT security department of a company. Alternatively, you can earn your money in self-employment with the bug bounties.

Blue Team / Red Team - game and reality

The IT security analysts (protection = blue team) protect your systems against attacks by the ethical hacker group (attack = red team). In the competitions, the Blue Team protects a server with demo data from hackers. The hackers try to break into the system unnoticed.

This guide should motivate you White Hat, Professional or Blue Team / Red Team Hacker to become - Gray Hats, Black Hats and Script Kiddies are criminals who sit at the computer in my eyes.

Steffen Lippke

Ultimate Guide in 10 steps from 0 to becoming a hacker

These 10 steps should introduce you to hacking.

Step by step!

# 1 Get inspiration from the hacking stories

Some news websites and bloggers report the interesting hacks that have taken place in the past.

Todo: Read 3+ Inspirational Hacking Stories You will surely be surprised how easy it is to hack. The hackers use unconventional tricks to trick companies, paralyze computers and exert power over institutions. The stories to inspire Get you started with the hoes and give you an idea of ​​what these are Super ability can do anything:

  • The hacker Capitan Crunch made free calls at home and abroad via AT&T by creating a 2,600 hertz tone through a whistle on a toy (1969).
  • The Crypto Trojan Conhive generated bitcoins with the performance of computers that visited a Coinhive-infected website. This trojan is a real money printing machine.
  • The Morris virus paralyzes a large part of the UR Internet. 6,000 computers fail and the hacker has to pay a $ 10,000 fine for it (1988).
  • Criminals steal the documents from NASA about the Mars mission (2019).

In reading the stories I must come across the old errors and bugs in software smile.

The bloggers describe the hacks clearly and with the necessary dramabecause the hacks can end more serious.

Reading. Be motivated. Let yourself be inspired and start with the next step to becoming a hacking professional in this guide.

Steffen Lippke

The stories should motivate you to see hacking as something worth striving for. You will learn the power through the hacking stories that a hacker can wield on companies and institutions.

# 2 First successful hacking attempt

As a second step, try hacking beginner tutorials.

Todo: Hack your own systems. Alternatively, the Internet provides public demo hacking systems to give you a first impression of the activity.

You can learn the technical knowledge behind it in the next few steps. My beginner hacking tutorials are tailored to a specific case. The tutorials to guarantee Your success when you follow the instructions exactly.

In reality, the professionals hack according to the trail-and-error principle and a prior collection of information.

# 3 Set your focus

You can start hacking in many different areas.

Top tip: Start with the area of ​​hacking that interests you most.

Steffen Lippke

All hacking areas are closely intertwined. You can reuse what you have already learned in another hacking section. In the beginning, you shouldn't bring up too many topics. Set a focus so that an initial success is visible.

# 4 Understand technical basics

The following section gives you a wide range of topics from the field of the web.

Some of the technical basics will help you understand the hacking software better. You will overlap with other areas e.g. B. Networks and Android notice. The list below can be expanded with other topics.

Todo: Find out the basics of your hacking rubric.

You don't have to learn all the basics at once to hack. The more you know, the more tools you have to hack successfully. One is enough for a successful hack Consolidation in only 1 basic topic so that you can hack into someone else's system.

Tip: Many authors write the best depictions of hacking and programming in English. Don't let English texts put you off. At school you only learn everyday English. The hacking / programming world uses a lot of technical words and terms that you will learn over time. Use the reference work dict.cc to look up individual words and the translation service deepl.com to translate entire texts.

  • The Internet: OSI model, routing, packets, frames, Ethernet, IP addresses, TCP, UDP, various protocols such as HTTPs, HTTP, FTP, Telnet, SSH, etc.
  • Anonymity on the web: Virtual Private Network (VPN), The Onion Router (TOR), Cookies, Fingerprinting, WhosIP, Backtracing
  • Design a website:Basics of HTML, CSS and JavaScript / TypeScript, JavaScript Trojans, Bitcoin miners
  • Web: Ports, sessions, tokens, request methods, encryption on the Internet, browser engines
  • Old and modern databases:Database types, transactions, accesses, tables, columns, data records, SQL, NoSQL
  • Old and modern architectures:3-tier architecture, REST-API, Graph-QL, microservices
  • Online lectures: I recommend software architecture, operating systems and networks (communication systems) to you
  • (optional: a real programming language like Java, Swift from Apple, C family, Python, Ruby etc. ...)

# 5 Working out hacking basics

Before you start to hack third-party systems, you should be aware of the applicable law. With well-intentioned hacking, you can quickly make yourself liable to prosecution if you cross a boundary such as your privacy.

Todo: Hack your own systems first. In the following, I list the most important hacking topics that you can delve into step-by-step.

  • OWASP Top 10: The Open Web Application Security Project (OWASP) aims to make the digital world of tomorrow more secure. The TOP 10 show you the most common mistakes made by developers. V.find all 10 vulnerabilities. The probability that you will find a top 10 bug is high. An efficient hacker uses the OWASP Top 10. In the 20% of the search time you will find 80% of the weak points (Paetro principle).
  • Bugs in software: Why do errors occur in the software? How do companies prevent the hacking loopholes? How can I discover software errors? Is there any bug-free software? Find out about good software quality and the bug bounty programs.
  • Social engineering: If you're not that technical and have good speaking and acting skills, try social engineering. The tricks of non-technical hacking will take you on a different path to hacking success. Read the “Social Engineering” section if you are interested in the subject.
  • Hacking process: Deal with the essential attacks, methods and procedures in hacking such as B. a Buffer overflow, attacks on encryption, reverse engineering or brute force. Every hacker should know these guys.
  • Types of malware: Malware comes in different forms: (polymorphic) viruses, keyloggers, rootkits, RAT, Trojans, worms and adware. Each type of malware has a different goal. Find out more about malware in my 19 Malware Types Guide.
  • Vulnerabilities: Hackers love vulnerabilities. IT professionals break into third-party systems without much effort or hacking brains. The Common Vulnerabilities and Exposures (CVE) are software (and hardware) errors. MITER should only list the CVEs that the company can optimally update (patch). The CVSSv3 vector shows the severity of a vulnerability. 10 is the maximum.

# 6 Switch to Kali Linux

Todo: Install Kali Linux on a virtual machine, a separate hard drive or partition.

Kali-Linux is a Linux system that comes with many hacking programs right from the start. You can start the hoes without searching for the programs and running your hair out on the installation procedures.

Advice on software: Focus on the functionality, correct use and the setting options of the hacking tools.

Steffen Lippke
  • Linux basics: Find out more about the following topics: the differences to Windows, macOS and other operating systems, advantages and disadvantages of Linux systems, rough structure and function of UNIX
  • Basics of bash: Like Windows (CMD, PowerShell), Linux has a console. Sooner or later you will love the freedom in the console. Learn the basics of the console to make many hacking tools easier to use. When penetrating other systems, you can Rare use a graphical user interface. With the 11 words (Commands) you can perform 80% of the most important actions in the console.

# 7 Find out about the bug bounty programs

So that hacking doesn't lose its appeal, you should register for a bug bounty program.

Tech companies like Microsoft, Apple, and other large IT companies give hackers a nice penny (up to USD 1,000,000)if they point out the weak points to the company in a professional manner.

Steffen Lippke

The HackerOne website offers a platform where small and large companies can offer bug bounties. Register for free today. I explain how you can earn money with HackerOne in the bug bounty tutorial.

# 8 Learn to Hack - Manual Steps

Todo: Start with manual hacking.

The website "Hack This Site" is suitable as a hacking playground. The website remains unprotected against the most popular hacking strategies so that new hackers can learn the basics in practice. Start with the following strategies:

  1. Enter an XXS script in an input field and wait for the reaction.
  2. Test an SQL injection to bypass a password-protected login.
  3. Use the standard password lists to hijack the admin account.
  4. Start collecting information on the target (server type, operating system, framework, operator, location, known CVEs) to get an overview of the target.

The following websites offer some tutorial and hacking sandboxes where you can let off steam:

  • DefendThis: An interactive hacking platform
  • Hack.me: a website to hack at the push of a button (without acting illegally)
  • Juice Shop: Hack a juice shop webshop locally on your computer

# 9 Automatic Hacking + Scanning Tools

Know some of the basics mentioned from steps 4 and 5 before reading any further. Learn the basics of a particular hacking tool before using the program.

  • How does the tool work?
  • What do the manual commands look like in the console?
  • What can I achieve with the program?
  • What are the challenges?
  • When and why does this hack work?

The script kiddies skip all the basics, don't know the legal situation and start hacking. The parents can (in the worst case) be sued for imprisonment and the children can be admitted to psychiatry.

Here is a list of the known hacking tools:

  • Burp: Vulnerability Scanners and Manual Web Hacking Tools
  • Nmap (Zenmap): Network scanning tool for network administrators
  • Nessus: Vulnerability Scanner from Tenable
  • Wireshark: network recordings and packet analysis
  • HTTPrint: recognition software for frameworks, servers and Co.
  • Metasploit: Penetration testing platform with vulnerabilities
  • OpenVAS: Open Source Vulnerabilities Scanner
  • SQLmap: SQL injection tester with an automatic
  • AirCrack: crack W-LAN or test a W-LAN for security
  • ... and 25 other top hacking tools

# 10 Carry on every day

Good hacker never stop learning. Every day the hacker learns new hacking methods, tries out trends and plays around with the console.

The hacker GOT TO learn new things because hacking changes every day. Many new vulnerabilities, protection mechanisms and hacks appear on the Internet every day.

Social engineering - learn to hack

Social engineering is based on psychological tricks. The idea of ​​social engineering is to exploit the "human" weak point. You try to manipulate people in order to get passwords or access.

At the Federal Intelligence Service of Germany (and also in the USA) there are officials who have mastered such social engineering tricks and who can find access to any company or authority. You are not trying to outsmart high-security computers, but rather the people who are authorized to use the high-security computers.

Steffen Lippke

I have prepared a few tutorials for you that you can do with social engineering. You don't need any previous knowledge, no IT degree and you don't have to be a technology freak:

With the psychological tricks and acting, hackers can get hold of almost any password. Criminals can bypass IT security spears and get confidential information.

7 Habits of a Successful Hacker

What makes a good hacker? This section is intended to tell you which Soft skills As a hacker, you should watch out. You should memorize the following habits right from the start.

A good hacker ...

  1. ... does not give up so quickly and does not expect quick success. If a hack doesn't work, it looks for a new approach. If they don't understand a technology, they proactively ask someone else.
  2. ... gets to know new hacking strategies every day. If the hacker stops technologically, it will fail more often in the future. A good hacker is always up-to-date, educates himself and goes out among people.
  3. ... informs himself about the latest vulnerabilities in computer software / hardware (CVEs)
  4. ... works with other hackers and programmers. A hacker shouldn't be a loner. The hacking spaces, conferences and meetings offer the ideal platform for new ideas.
  5. ... proceeds strategically and tries to improve and adapt his processes with automated tools. Before using a tool, he thinks carefully about which one is the right one. You don't use a hammer on a screw!
  6. ... specializes in one area of ​​hacking and delves deeply into the subject. Superficial learning won't get you there as quickly as going deep into a lesson.
  7. ... takes breaks (with Pomodoros and after 8 hours it is over). Don't love to hack. You should be able to get started with full motivation and zest for action during the hacking time.

Learn to Hack - More Resources

Source reference images: Icons and SVG graphics in the cover image of Microsoft PowerPoint 2019, freely available according to EULA
*) By subscribing to the newsletter, you agree to the analysis of the newsletter through individual measurement, storage and analysis of opening rates and click rates in profiles for the purpose of designing better newsletters in the future. You can revoke your consent to receive the newsletter and the measurement with effect for the future. The dispatch takes place with MailChimp. More in the privacy policy.